Just an update I noticed that a few days ago Canonical finally got around to patching Copy Fail and Copy Fail 2 Electric Boogaloo in the 24.04 generic kernel:
https://ubuntu.com/security/notices/USN-8278-1 so an apt update on this holiday weekend on your Linux systems might be a good thing. Dirty Frag, https://nvd.nist.gov/vuln/detail/CVE-2026-43284 https://nvd.nist.gov/vuln/detail/CVE-2026-43500 and Fragnesia https://nvd.nist.gov/vuln/detail/CVE-2026-46300 Were apparently not in the generic kernels but ARE apparently in a number of the Hardware Enablement kernels. Dirty Frag has yet to be fixed - because - the initial kernel fix for it - opened a vulnerability that was then exploited by Fragnesia. The Fragnesia fix authors have warned that this is getting more common - fixes for a security hole are rushed out and open other security holes. Ted -----Original Message----- From: PLUG <[email protected]> On Behalf Of Ted Mittelstaedt Sent: Saturday, May 9, 2026 5:02 PM To: [email protected] Subject: [PLUG] Two new Linux vulnerabilities - just like Copy Fail <https://github.com/0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo> 0xdeadbeefnetwork/Copy_Fail2-Electric_Boogaloo: Copy Fail 2: Electric Boogaloo <https://github.com/V4bel/dirtyfrag> V4bel/dirtyfrag <https://nvd.nist.gov/vuln/detail/CVE-2026-43284> NVD - CVE-2026-43284 <https://nvd.nist.gov/vuln/detail/CVE-2026-43500> NVD - CVE-2026-43500 No fix exists for the second one yet so while the vulnerability has been reserved, it's not written yet The first one is a bona-fied zero day - the kernel fix was just committed a couple days ago to the main kernel then notification went out. None of the distros have released fixed kernels, yet. So if you have that old Linux system sitting around from a few years back that you forgot the root password for - these may help! :) Ted PS Ya know, I did post here that the Copy Fail vulnerability was going to be followed up shortly.I did I did.
